[kismac] Re: suid off
- From: Robin L Darroch <robin@xxxxxxxxxxxxx>
- To: kismac@xxxxxxxxxxxxx
- Date: Thu, 28 Apr 2005 22:53:43 +0800

> Apple snuck in a worthwhile security fix in the release. They
> turned off the ability to use the SETUID bit in file permissions
> which allows any user to start up an admin process. Most modern
> Unix systems have removed this feature as a serious security risk.

I know this is going a bit off-topic, but I'm curious to know why the
SETUID bit is - in and of itself - a serious security risk. Surely
as long as the process in question is appropriately secure, allowing
it to run as an administrative user even though it has been called by
a regular user is sometimes an appropriate way of doing things. Of
course, it is the admin's responsibility to ensure that any SUID-root
application or script is secure (because otherwise buffer overflow
and break-out exploits could render the system insecure)... but it
should be up to the admin to do that, no?

Looking at it a different way, how do "modern Unix systems" enable an
ordinary user to achieve anything that would need admin permissions
along the way? How, to take the example of KisMAC, can an
administrator give regular users permission to (for example) load and
unload the wlan adapter drivers?

It's been a long time since I've been in a high-security-threat
environment (aside from the Internet in general, which is largely
taken care of as long as you're not running Windows)... would be
interested to hear more details on how things are supposed to be done
in these paranoid-delusional days. :)

Cheers,
Robin
--
-------------------------------------------------------------------------
Robin L. Darroch - PO Box 2715, South Hedland WA 6722 - +61 421 503 966
robin@xxxxxxxxxxxxx - robin@xxxxxxxxxxx - robin@xxxxxxxxxxxxx